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CVE CVE-2022-26529 

Title Realtek Linux/Android Bluetooth Mesh SDK — An Out-of-bound 
Write Due to Inconsistent Message Type in Mesh Transport Layer 

Description | In Realtek Android Bluetooth Mesh SDK, an out-of-bound write 
vulnerability can be triggered by sending a series of segmented control 
packets and access packets with the same SeqAuth. There is a defect 
that mesh SDK considers control packet and access packet with the 
same SeqAuth derived from Ivindex, SeqZero, Seq as linked 
segmented packet, which causes them to share the same cache 
memory. However, memory required by control packet is smaller than 
that of the access packet, it can lead to an,out-of-bound write when 
caching access packet in memory allocate ol packet 

Severity Medium 

CVSSv3 Base score 5.3, 
CVSS:3.1/AV:A/AC:H/PR: ANUS :U/E-N/T:N/A:H/E:U/RL:O/RC:C 

Vulnerability | Denial of Service 

Type à 

CWE CWE-120 : Buffer Copy“ hot t)Checking Size of Input (‘Classic 

Phe pro grany copies an input buffer to an output 
that the size of the input buffer is less than the 
eading to a buffer overflow. 

Affected 

Chipsets 

Affected Older than Mesh SDK v4.17-4.17-20220127 

Software 

Versions 
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